Acceptable Use Policy

Version 1.0 | Effective: April 2026 | FINTRAC MSB: 1001308627

1. Purpose & Scope

1.1 Purpose

This Acceptable Use Policy (“AUP” or “Policy”) defines the terms and conditions governing the use of all products, services, and platforms provided by Glacierpay Inc. (“Glacierpay,” “we,” “us,” or “our”). The purpose of this Policy is to ensure that all clients use Glacierpay's services in a manner that is lawful, ethical, and consistent with our regulatory obligations as a registered Money Services Business with the Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”), Registration No. 1001308627.

This Policy is designed to protect Glacierpay, its clients, its banking and technology partners, and the integrity of the broader financial system from misuse, abuse, and criminal exploitation.

1.2 Scope

This Policy applies to:

All clients (including prospective clients) of Glacierpay, whether corporate entities, partnerships, trusts, or other legal persons;
All services offered by Glacierpay, including but not limited to over-the-counter (“OTC”) fiat-to-cryptocurrency conversion, cryptocurrency-to-fiat conversion, and related payment processing services;
All interactions with Glacierpay's platforms, including the Website (glacier-pay.com), application programming interfaces (“APIs”), client portals, and any other technology infrastructure;
All directors, officers, employees, agents, beneficial owners, and authorised representatives of client entities.

By engaging with Glacierpay's services, you acknowledge that you have read, understood, and agree to be bound by this Policy. Violation of this Policy may result in immediate suspension or termination of your account and services, and may be reported to applicable law enforcement and regulatory authorities.

2. Permitted Use

Glacierpay's services are available exclusively to business-to-business (“B2B”) clients for legitimate commercial purposes. Permitted use of Glacierpay's services includes:

Legitimate business activities:Using Glacierpay's OTC services for bona fide commercial transactions, including but not limited to treasury management, cross-border settlement, supplier payments, and corporate hedging activities;
Compliance with applicable laws: Conducting all activities in full compliance with applicable federal, provincial, state, and international laws, regulations, and industry standards, including anti-money laundering, counter-terrorist financing, sanctions, tax, and securities laws;
Within service parameters: Operating within the transaction limits, jurisdictional restrictions, and operational parameters established by Glacierpay and communicated to you;
Accurate information: Providing complete, accurate, and up-to-date information at all times, including during onboarding, periodic reviews, and in connection with individual transactions;
Authorised use:Ensuring that only duly authorised persons access and use Glacierpay's services on behalf of the client entity, as documented in applicable board resolutions, powers of attorney, or other authorisation instruments;
Cooperation:Cooperating promptly and fully with Glacierpay's compliance team in connection with due diligence, monitoring, and any regulatory or law enforcement enquiries.

Note: Glacierpay does not provide services to individual consumers or retail clients. All clients must be legal entities engaged in legitimate business activities and must successfully complete Glacierpay's Know Your Business (“KYB”) onboarding process before accessing any services.

3. Prohibited Activities

Clients shall not use, or permit the use of, Glacierpay's services for any purpose that is unlawful, harmful, or in violation of this Policy. The following activities are expressly prohibited:

3.1 General Prohibitions

Illegal activity:Using Glacierpay's services in connection with any activity that violates applicable laws or regulations in any jurisdiction, including but not limited to Canadian federal and provincial law, European Union law, and international law;
Fraud and deception: Engaging in or facilitating fraud, misrepresentation, forgery, counterfeiting, or any form of dishonest conduct, including providing false, misleading, or incomplete information to Glacierpay;
Impersonation: Impersonating any person or entity, or falsely stating or otherwise misrepresenting your identity, affiliation, or authority to act on behalf of any person or entity;
Circumvention: Attempting to circumvent, disable, or interfere with any security, compliance, or operational controls implemented by Glacierpay;
Facilitating third-party violations: Permitting, enabling, or assisting any third party to engage in any activity that would constitute a violation of this Policy if conducted directly by the client.

3.2 Financial Crime

The following financial crime activities are strictly prohibited. Glacierpay maintains a zero-tolerance approach to financial crime:

Money laundering:Using or attempting to use Glacierpay's services to convert, transfer, conceal, or disguise the proceeds of criminal activity, or to make such proceeds appear legitimate;
Terrorist financing: Providing, collecting, or transferring funds with the knowledge or intention that they will be used to carry out terrorist acts, or for the benefit of terrorist organisations or individuals;
Sanctions evasion: Conducting transactions involving sanctioned persons, entities, countries, or territories, or structuring transactions to evade applicable sanctions programmes;
Structuring / Smurfing: Breaking transactions into smaller amounts or conducting a series of transactions designed to avoid regulatory reporting thresholds or detection;
Layering: Conducting complex, multi-step transactions designed to obscure the audit trail and distance funds from their criminal source;
Tax evasion:Using Glacierpay's services to evade tax obligations in any jurisdiction, including but not limited to failing to report taxable transactions, concealing assets, or misrepresenting the nature of transactions to tax authorities;
Bribery and corruption:Using Glacierpay's services in connection with bribery, corruption, or the payment of illicit inducements to public officials or private individuals;
Proliferation financing: Providing financial support for the development, acquisition, manufacture, possession, transport, or use of weapons of mass destruction or their delivery systems.

3.3 Prohibited Industries

Glacierpay does not provide services to clients operating in or connected to the following industries. Transactions involving funds derived from, or intended for use in, these industries are strictly prohibited:

Prohibited Industry	Description
Gambling & Gaming	Online or offline gambling, sports betting, casinos, lotteries, fantasy sports, and all other forms of wagering, whether licensed or unlicensed
Adult Entertainment & Pornography	Production, distribution, or facilitation of adult content, pornography, escort services, and related activities
Weapons & Arms	Manufacture, sale, distribution, or brokerage of weapons, firearms, ammunition, explosives, or military equipment
Cannabis & Controlled Substances	Cultivation, production, distribution, or sale of cannabis (regardless of local legality), narcotics, controlled substances, or drug paraphernalia
Shell Companies	Entities with no substantive business operations, legitimate commercial purpose, or identifiable source of income
Nested MSBs	Money services businesses that operate through another MSB's licence or infrastructure without proper licensing and registration
Construction Sector	Construction companies and related entities due to heightened corruption, bribery, and financial crime risk in this sector
Darknet Markets	Marketplaces operating on the dark web or Tor network that facilitate anonymous transactions for illicit goods or services
Mixing & Tumbling Services	Cryptocurrency mixing, tumbling, or blending services designed to obscure the origin, destination, or ownership of digital assets (including but not limited to Tornado Cash, CoinJoin services, and similar protocols)
Unlicensed Money Services	Money transmission, foreign exchange, payment processing, or other financial services operated without the required licences, registrations, or regulatory approvals

3.4 Technical Prohibitions

Clients shall not engage in or attempt the following technical activities:

Unauthorised access: Accessing or attempting to access Glacierpay systems, networks, accounts, or data to which you are not authorised, including through hacking, credential theft, social engineering, or exploitation of vulnerabilities;
API abuse:Using Glacierpay's APIs in a manner that exceeds authorised rate limits, circumvents access controls, or is inconsistent with the API documentation and terms of use;
Denial of service:Conducting or facilitating denial-of-service attacks, distributed denial-of-service attacks, or any activity designed to degrade, disrupt, or impair the availability or performance of Glacierpay's systems;
Reverse engineering:Decompiling, disassembling, reverse engineering, or otherwise attempting to derive the source code, algorithms, or architecture of Glacierpay's proprietary software, platforms, or systems;
Scraping:Automated scraping, crawling, harvesting, or extraction of data from Glacierpay's Website, platforms, or systems without prior written authorisation;
Circumventing security: Attempting to circumvent, disable, or interfere with any security measures, authentication mechanisms, encryption, access controls, or monitoring systems implemented by Glacierpay.

3.5 Market Manipulation

Clients shall not engage in or facilitate any form of market manipulation, including but not limited to:

Wash trading: Executing transactions in which the same party acts as both buyer and seller, or coordinating with counterparties to create the appearance of trading activity without genuine economic substance;
Spoofing: Placing orders or trade requests with the intent to cancel them before execution, for the purpose of creating a misleading impression of market demand or supply;
Front-running: Trading based on advance knowledge of pending client orders or non-public information about forthcoming transactions;
Pump and dump: Artificially inflating the price of a digital asset through misleading statements, coordinated buying, or other deceptive practices, followed by selling at the artificially elevated price;
Layering and spoofing: Placing multiple orders at different price levels with the intent to create a false impression of supply or demand, subsequently cancelling the orders once the market price has been influenced;
Any other manipulative practice: Any conduct designed to artificially influence the price, volume, or market perception of any digital asset, fiat currency, or financial instrument.

Warning: Market manipulation is a criminal offence in most jurisdictions. Glacierpay will report all suspected market manipulation to the relevant regulatory and law enforcement authorities without notice to the client.

4. Prohibited Jurisdictions

Glacierpay does not provide services to clients incorporated in, operating from, or conducting transactions involving the following jurisdictions. These restrictions are based on international sanctions programmes, FATF assessments, and Glacierpay's own risk assessment:

Jurisdiction	Basis for Prohibition
North Korea (DPRK)	OFAC, EU, UN comprehensive sanctions; FATF Black List
Iran	OFAC, EU, UN comprehensive sanctions; FATF Black List
Syria	OFAC, EU comprehensive sanctions
Cuba	OFAC comprehensive sanctions
Crimea, Donetsk & Luhansk	OFAC, EU sanctions (Russian-occupied territories of Ukraine)
Myanmar (Burma)	OFAC, EU targeted sanctions; significant ML/TF risk
Russia	OFAC, EU comprehensive sanctions
Belarus	OFAC, EU targeted sanctions
Somalia	OFAC, UN sanctions; significant ML/TF risk
South Sudan	OFAC, UN sanctions; significant ML/TF risk
Yemen	OFAC, UN sanctions; significant ML/TF risk
Afghanistan	OFAC sanctions; significant ML/TF risk
Venezuela	OFAC selective sanctions; elevated risk — case-by-case review at Glacierpay's sole discretion

This list is not exhaustive and may be updated at any time to reflect changes in international sanctions regimes, FATF assessments, or Glacierpay's risk appetite. Glacierpay reserves the right to decline or terminate services involving any jurisdiction that it determines, in its sole discretion, presents unacceptable risk.

Note: Clients must immediately notify Glacierpay if any of their beneficial owners, directors, authorised representatives, or transaction counterparties are nationals of, residents in, or have material connections to any prohibited jurisdiction.

5. Transaction Limits

All transactions conducted through Glacierpay are subject to the following standard limits:

Limit Type	Standard Limit	Notes
Minimum Trade Size	USD $10,000	Per individual transaction
Maximum Trade Size	USD $1,000,000	Per individual transaction
Daily Aggregate Limit	USD $5,000,000	Combined value of all transactions within a calendar day (UTC)
Monthly Aggregate Limit	USD $50,000,000	Combined value of all transactions within a calendar month

5.1 Adjusted Limits

Transaction limits may be adjusted on a case-by-case basis by written agreement between the client and Glacierpay. Requests for increased limits are subject to:

Enhanced due diligence review, including additional source of funds and source of wealth verification;
Senior management approval within Glacierpay's Compliance Department;
Ongoing enhanced monitoring for the duration of the adjusted limits;
A formal written amendment to the client's service agreement.

5.2 Limit Enforcement

Glacierpay monitors all transactions in real-time to ensure compliance with applicable limits. Transactions that exceed applicable limits will be automatically held for review and may be rejected. Repeated attempts to exceed limits without prior authorisation may result in account suspension.

6. Monitoring & Enforcement

Glacierpay continuously monitors all client activity, transactions, and interactions with its platforms to ensure compliance with this Policy, applicable laws, and regulatory requirements.

6.1 Monitoring Activities

Monitoring includes, but is not limited to:

Transaction monitoring: Real-time and batch review of all transactions for suspicious patterns, anomalies, limit breaches, sanctions matches, and compliance with stated business purpose;
Blockchain analytics: Screening of all cryptocurrency wallet addresses and transactions using blockchain analytics tools to detect exposure to illicit activity, sanctioned entities, darknet markets, mixing services, and high-risk counterparties;
Behavioural analysis: Identification of unusual account activity, login patterns, or changes in transaction profiles that may indicate compromise, fraud, or misuse;
Sanctions screening: Continuous screening of all clients, beneficial owners, and transaction counterparties against applicable sanctions lists;
Platform usage: Monitoring of API usage, access patterns, and system interactions to detect technical abuse or policy violations.

6.2 Enforcement Actions

Glacierpay reserves the right to take any of the following actions at its sole discretion and without prior notice where it determines, or has reasonable grounds to suspect, that a client has violated this Policy:

Suspension or restriction of account access;
Delay, hold, or rejection of transactions;
Termination of the business relationship;
Freezing of funds in accordance with applicable law;
Reporting to applicable regulatory authorities and law enforcement;
Pursuit of legal remedies, including claims for damages and injunctive relief.

Important: Glacierpay is under no obligation to provide advance notice of enforcement actions where doing so would compromise the integrity of an investigation, violate tipping-off prohibitions, or conflict with applicable law.

7. Reporting Obligations

Clients have a duty to report certain matters to Glacierpay promptly and in good faith. Failure to comply with these reporting obligations may itself constitute a violation of this Policy.

7.1 Mandatory Reporting

Clients must promptly report to Glacierpay:

Suspected violations:Any knowledge or suspicion that this Policy has been or is being violated, whether by the client's own personnel or by a third party in connection with the client's transactions;
Suspicious activity:Any unusual, irregular, or potentially suspicious activity observed in connection with transactions, counterparties, or the use of Glacierpay's services;
Sanctions matches: Any knowledge or suspicion that a transaction counterparty, beneficial owner, director, or other associated person is subject to economic sanctions or appears on a sanctions list;
Material changes:Any material changes to the client's corporate structure, beneficial ownership, business activities, risk profile, or regulatory status;
Legal proceedings: Any legal proceedings, regulatory investigations, or enforcement actions relating to money laundering, terrorist financing, fraud, sanctions violations, or other financial crime involving the client or its associated persons;
Data breaches:Any security incident, data breach, or compromise of credentials that could affect the security of the client's Glacierpay account or transactions.

7.2 How to Report

Reports should be submitted to Glacierpay's Compliance Department at [email protected] as promptly as possible. Reports should include all relevant details and supporting documentation. Glacierpay will acknowledge receipt and investigate all reports in accordance with its internal procedures.

8. Consequences of Violation

Glacierpay takes violations of this Policy seriously. The consequences of a violation will be proportionate to the severity, nature, and circumstances of the breach and may include one or more of the following:

8.1 Graduated Enforcement

Level	Action	Description
Level 1: Warning	Formal written warning	Issued for minor, inadvertent, or first-time violations where the client demonstrates good faith. The client is required to remediate the violation within a specified timeframe.
Level 2: Restriction	Account restriction or enhanced monitoring	Temporary restriction of services, increased transaction scrutiny, or enhanced monitoring. Applied where warnings have been disregarded or the violation is of moderate severity.
Level 3: Suspension	Immediate account suspension	Full suspension of all services pending investigation. Applied where there are reasonable grounds to suspect serious violations, including financial crime.
Level 4: Termination	Permanent termination	Permanent termination of the business relationship with no right of reinstatement. Applied for serious or repeated violations.
Level 5: Reporting & Legal Action	Regulatory and law enforcement reporting; legal proceedings	Reporting of the violation to FINTRAC, applicable FIUs, law enforcement, and other regulatory authorities. Glacierpay may pursue legal action to recover losses and obtain injunctive relief.

8.2 No Waiver

Glacierpay's failure to enforce any provision of this Policy at any time shall not constitute a waiver of that provision or of Glacierpay's right to enforce it at a later time. No single or partial exercise of any right or remedy shall preclude any other or further exercise of that right or remedy.

8.3 Client Liability

Clients are liable for all losses, damages, costs, fines, penalties, and expenses (including reasonable legal fees) incurred by Glacierpay as a result of the client's violation of this Policy. This liability survives the termination of the business relationship.

9. Cooperation with Authorities

Glacierpay is committed to full cooperation with law enforcement agencies, financial intelligence units, regulatory authorities, and courts of competent jurisdiction in the prevention, detection, and prosecution of financial crime.

9.1 Regulatory Cooperation

Glacierpay cooperates with the following authorities, among others:

FINTRAC(Financial Transactions and Reports Analysis Centre of Canada) — as Glacierpay's primary AML/CFT regulator;
Canadian law enforcement— including the Royal Canadian Mounted Police (“RCMP”) and provincial police services;
International regulators— including EU financial intelligence units, the U.S. Financial Crimes Enforcement Network (“FinCEN”), and other competent authorities in jurisdictions where Glacierpay operates;
Industry bodies — including FATF, Egmont Group member FIUs, and relevant industry self-regulatory organisations.

9.2 Information Sharing

Glacierpay may share client information, transaction records, and other relevant data with authorities:

As required by law, regulation, or court order;
In response to lawful requests from regulatory or law enforcement authorities;
Voluntarily, where Glacierpay has reasonable grounds to suspect criminal activity;
In connection with suspicious transaction reports (“STRs”) filed with FINTRAC or other FIUs.

Glacierpay shall not inform clients that information has been shared with authorities where doing so would constitute tipping off or otherwise violate applicable law.

9.3 Client Cooperation

By using Glacierpay's services, clients agree to cooperate fully with any investigation conducted by Glacierpay or by regulatory or law enforcement authorities at Glacierpay's request. This includes providing additional documentation, information, and access to personnel as reasonably requested. Failure to cooperate may itself constitute a violation of this Policy and grounds for termination.

10. Amendments

Glacierpay reserves the right to amend, modify, or replace this Policy at any time to reflect changes in regulatory requirements, industry standards, business operations, or risk appetite.

Amendment procedures:

Notice:Glacierpay will provide clients with at least thirty (30) days' written notice of material amendments to this Policy, delivered via email to the registered contact address or by publication on the Website;
Effective date:Amendments will take effect on the date specified in the notice. Continued use of Glacierpay's services after the effective date constitutes acceptance of the amended Policy;
Immediate amendments:Notwithstanding the foregoing, Glacierpay may amend this Policy with immediate effect where required by law, regulation, court order, or regulatory directive, or where necessary to address an imminent threat to the integrity or security of Glacierpay's services;
Right to terminate: If you do not agree to any amendment, you may terminate your service agreement with Glacierpay by providing written notice before the effective date of the amendment. Any outstanding obligations, including settlement of pending transactions, shall survive termination.

The current version of this Policy is always available on the Glacierpay Website at glacier-pay.com.

11. Contact

If you have any questions, concerns, or reports regarding this Acceptable Use Policy, please contact our Compliance Department:

Contact Method	Details
Compliance Email	[email protected]
Company	Glacierpay Inc.
FINTRAC Registration	MSB 1001308627
Jurisdiction	Ontario, Canada
Website	glacier-pay.com

For urgent compliance matters, including reports of suspected financial crime or sanctions matches, please mark your email as “URGENT — Compliance Report” in the subject line. Glacierpay's Compliance Department monitors this inbox continuously and will acknowledge receipt within one (1) business day.